General

  • Target

    TEKLFSTEIUnileverSanveTicTrkA_PDF.exe

  • Size

    1.0MB

  • Sample

    241206-l6z2csxrfq

  • MD5

    d5638e5f31cf773739d221f386c42557

  • SHA1

    8189fd50aac34c9926b0bc456e58d7a59edc3e34

  • SHA256

    e8f166c0f410ff3da2382987aeb59a652c3c042d85b0ca92b71e5bba2629e3c1

  • SHA512

    554d838ac3fae17c46edd02998a565424b029c876deab9c489fcdee4d909d344d8741742aae80fe4b1b04a267b5904b6d9f2c62adb2e0b792e7063475ef6e858

  • SSDEEP

    24576:Gu6J33O0c+JY5UZ+XC0kGso6Fa/v6UjCwuk3n0dWY:Iu0c++OCvkGs9Fa/v6Ujsk3RY

Malware Config

Extracted

Family

vipkeylogger

Credentials

Targets

    • VIPKeylogger

      VIPKeylogger is a keylogger and infostealer written in C#; it resembles SnakeKeylogger, which was found in 2020.

    • Vipkeylogger family

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks